Exim BDAT Bug Opens Door to Remote Code Attacks


A new Exim vulnerability, CVE-2026-45185, can lead to memory corruption and remote code execution. Exim builds linked against GnuTLS should be updated now.

If you're running a mail server on a Unix-like system, you'll want to pay close attention. A serious security hole has been found in Exim, the popular open-source Mail Transfer Agent (MTA). The bug, tracked as CVE-2026-45185 and nicknamed Dead.Letter, causes memory corruption and can allow attackers to execute code remotely.

### What's the Problem?

Exim handles email routing and delivery for countless servers around the world; think of it as the postal service for your digital messages. The vulnerability specifically affects Exim builds that use GnuTLS as their TLS library. When Exim processes certain BDAT commands (the SMTP CHUNKING extension from RFC 3030, which transfers message data in binary chunks instead of the line-oriented DATA command), a use-after-free flaw can be triggered. In simple terms, the software accesses memory that has already been freed, which can crash the process or, worse, let an attacker take control of it.

This isn't a theoretical risk. Security researchers have confirmed that the bug can be exploited without authentication in some cases. That means an attacker could send a specially crafted message over SMTP and potentially gain access to your server. For businesses in the United States running their own mail infrastructure, this is a wake-up call.

### Who's Affected?

- Any Exim server built with GnuTLS support
- Systems that haven't applied the latest security patches
- Organizations relying on self-managed email servers

Many distribution packages are built against GnuTLS, so a default configuration or a standard Linux distribution's package may well be affected; check which TLS library your build uses rather than assuming. The good news is that the Exim team has already released updates to fix this. The bad news is that many servers remain unpatched.

### What You Need to Do Right Now

First, check your Exim version and which TLS library it was built with. If you're running a GnuTLS build from before the patch release, update immediately. The fix addresses the use-after-free by properly managing the lifetime of the affected memory during BDAT command processing. Don't wait for a breach to take action.

Here's a quick checklist:

- Update Exim to the latest patched version
- Verify that GnuTLS is configured securely (a current GnuTLS library, modern TLS versions and cipher suites only)
- Monitor your mail logs for unusual activity, such as unexpected crashes of the Exim daemon or malformed BDAT/CHUNKING sessions from unknown hosts
- Test your email flow after the update

### Why This Matters for Your Business

Email is the backbone of modern communication. A compromised mail server can lead to data leaks, phishing attacks, and loss of customer trust. For US-based companies, regulatory fines from breaches can be steep.

This vulnerability is a reminder that even mature, widely used software can have critical flaws. Think of it like a lock on your front door. You expect it to work, but if a new picking technique emerges, you need to upgrade. The Dead.Letter bug is that new technique. Patching is your upgrade.

### Final Thoughts

Security isn't a one-time task. It's an ongoing process. The Exim team deserves credit for quickly addressing this issue, but the responsibility falls on system administrators to apply the fix. If you're not sure about your setup, consult with a security professional. Your email server is too important to leave vulnerable.

Stay safe out there. And remember, in the world of cybersecurity, an ounce of prevention is worth a pound of cure.
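To make the first two checklist items concrete, here is an added shell example (written for this page, not code from the article or the Exim project). It parses the output of `exim -bV`, which prints the Exim version and, on its "Support for:" line, the TLS library the build was compiled with, and classifies the host as affected, patched, or built against OpenSSL rather than GnuTLS. The `exim -bV` output embedded in it is constructed for illustration, and the fixed version number is a placeholder assumption: take the real one from the Exim advisory for CVE-2026-45185.

```shell
#!/bin/sh
# Added example: triage an Exim host for the BDAT use-after-free (CVE-2026-45185).
# Answers two questions from the article using `exim -bV` output:
#   1. Is this build linked against GnuTLS (the affected TLS library)?
#   2. Is the running version older than the first fixed release?

# Constructed sample of `exim -bV` output (illustrative, not captured from a real host).
SAMPLE_BV='Exim version 4.98 #2 built 10-Jan-2025 09:12:33
Copyright (c) University of Cambridge, 1995 - 2018
Support for: crypteq iconv() IPv6 GnuTLS TLS_resume move_frozen_messages DKIM DNSSEC Event OCSP PIPECONNECT PRDR
Lookups (built-in): lsearch wildlsearch nwildlsearch iplsearch cdb dbm dnsdb dsearch
Library version: GnuTLS: Compile: 3.8.3  Runtime: 3.8.3
Configuration file is /etc/exim4/exim4.conf'

# exim_version TEXT -> prints the dotted version from the "Exim version ..." line.
exim_version() {
    printf '%s\n' "$1" | sed -n 's/^Exim version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# tls_library TEXT -> prints GnuTLS, OpenSSL or none, read from the "Support for:" line.
tls_library() {
    support=$(printf '%s\n' "$1" | sed -n 's/^Support for: //p')
    case " $support " in
        *" GnuTLS "*)  echo GnuTLS ;;
        *" OpenSSL "*) echo OpenSSL ;;
        *)             echo none ;;
    esac
}

# version_lt A B -> exit status 0 if dotted version A is older than B,
# comparing component by component numerically (missing components count as 0).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0;
            yi = (i <= nb) ? y[i] + 0 : 0;
            if (xi < yi) exit 0;
            if (xi > yi) exit 1;
        }
        exit 1;
    }'
}

# assess TEXT FIXED_VERSION -> prints AFFECTED, PATCHED or NOT_GNUTLS.
# NOT_GNUTLS follows the article: this particular bug affects GnuTLS builds;
# an OpenSSL build should still be kept current as a matter of course.
assess() {
    lib=$(tls_library "$1")
    ver=$(exim_version "$1")
    if [ "$lib" != GnuTLS ]; then
        echo NOT_GNUTLS
    elif version_lt "$ver" "$2"; then
        echo AFFECTED
    else
        echo PATCHED
    fi
}

# Placeholder for the first fixed Exim release (assumption; replace it with the
# version named in the Exim advisory for CVE-2026-45185).
FIXED_VERSION="${FIXED_VERSION:-4.99}"

# Use the live `exim -bV` output when Exim is installed, else the constructed sample.
BV=$(exim -bV 2>/dev/null) || BV=$SAMPLE_BV
[ -n "$BV" ] || BV=$SAMPLE_BV

printf 'Exim %s, TLS library %s -> %s\n' \
    "$(exim_version "$BV")" "$(tls_library "$BV")" "$(assess "$BV" "$FIXED_VERSION")"
```

Run it as-is to see the classification of the constructed sample, or on a mail host, where it uses the live `exim -bV` output; set `FIXED_VERSION` to the release named in the advisory before trusting the AFFECTED/PATCHED verdict. The TLS library check matters because package names alone (for example a distribution's "heavy" versus "light" daemon variants) do not tell you which library a build links against.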